Browsing CategoryCrimeware

Thanos Ransomware | RIPlace, Bootlocker and More Added to Feature Set

Thanos Ransomware has developed rapidly over the last 6 months, offering a customized RaaS tool with an expanding feature set to build unique payloads.

Crimeware

Inside a TrickBot Cobalt Strike Attack Server

Analysis of a Cobalt Strike Server leveraged in PowerTrick breaches.

Crimeware

Valak Malware and the Connection to Gozi Loader ConfCrew

Valak uses a multi-stage, script-based malware that hijacks email replies and embeds malicious URLs or attachments to infect devices with fileless scripts.

Crimeware

NetWalker Ransomware: No Respite, No English Required

NetWalker is following a now-familiar pattern: increased ransom demands, threats to leak victim data and relentless attacks during the COVID-19 pandemic.

Crimeware

Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant

Continuing our earlier analysis of the TrickBot Executor Module “mexec”, we take a look at the dropper variant and reveal how it carries its payload onboard.

Crimeware

Meet NEMTY Successor, Nefilim/Nephilim Ransomware

Ransomware families NEMTY, Nefilim and Nephilim continue to evolve and merge, taking on aspects of other successful variants that aim to encrypt and extort.

Crimeware

IcedID Botnet | The Iceman Goes Phishing for US Tax Returns

In light of the extended US tax deadline due to coronavirus, tax fraud remains a viable avenue for the criminal group behind the ICEDID banking malware.

Crimeware

Maze Ransomware Update: Extorting and Exposing Victims

Maze ransomware doesn’t just demand payment for a decryptor but exfiltrates victim data and threatens to leak it publicly if the target doesn’t pay up.

Crimeware

Deep Dive Into TrickBot Executor Module “mexec”: Hidden “Anchor” Bot Nexus Operations

New “mexec” module delivers tertiary malware and allows TrickBot to pivot within a network, deploy a variety of payloads and evade common detection methods.

Crimeware

Revealing the Trick | A Deep Dive into TrickLoader Obfuscation

TrickBot’s loader has received much less attention than other components of the malware. Jason Reaves shows how to reverse engineer the TrickLoader function.

✨ It's SentinelOne Global Virtual Wellness Week for all of our employees! With hundreds of open positions globally,… https://t.co/QXYs5NJPcg6 hours ago
SentinelOne's Brian Hussey in CyberScoop: #Trickbot. Not gone. Continual and steady usage. It's business as usual… https://t.co/k1KmTv6CwH6 hours ago
✨ It's SentinelOne Global Virtual Wellness Week for all of our employees! With hundreds of open positions globally,… https://t.co/eYHcg6ZCti6 hours ago
RT @NoHackn: Here at @AttivoNetworks we're excited to release our integration with @SentinelOne and help defenders succeed in countering fr…6 hours ago

0 / 84

Browsing CategoryCrimeware

Thanos Ransomware | RIPlace, Bootlocker and More Added to Feature Set

Inside a TrickBot Cobalt Strike Attack Server

Valak Malware and the Connection to Gozi Loader ConfCrew

NetWalker Ransomware: No Respite, No English Required

Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant

Meet NEMTY Successor, Nefilim/Nephilim Ransomware

IcedID Botnet | The Iceman Goes Phishing for US Tax Returns

Maze Ransomware Update: Extorting and Exposing Victims

Deep Dive Into TrickBot Executor Module “mexec”: Hidden “Anchor” Bot Nexus Operations

Revealing the Trick | A Deep Dive into TrickLoader Obfuscation

Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone

Ranzy Ransomware | Better Encryption Among New Features of ThunderX Derivative

Resourceful macOS Malware Hides in Named Fork

Moving From Dynamic Emulation of UEFI Modules To Coverage-Guided Fuzzing of UEFI Firmware